From 89dbe5cfc5f03f898ae1cc839f00831ebda9505a Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev <slavi@devture.com>
Date: Thu, 19 Dec 2019 09:07:24 +0200
Subject: [PATCH] Add the ability to control the certbot HTTP bind port

Fixes #330 (Github Issue).
---
 roles/matrix-nginx-proxy/defaults/main.yml                 | 7 +++++++
 .../tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/matrix-nginx-proxy/defaults/main.yml b/roles/matrix-nginx-proxy/defaults/main.yml
index fe0f66fdb..d5dafb598 100644
--- a/roles/matrix-nginx-proxy/defaults/main.yml
+++ b/roles/matrix-nginx-proxy/defaults/main.yml
@@ -198,6 +198,13 @@ matrix_ssl_lets_encrypt_certbot_docker_image_force_pull: "{{ matrix_ssl_lets_enc
 matrix_ssl_lets_encrypt_certbot_standalone_http_port: 2402
 matrix_ssl_lets_encrypt_support_email: ~
 
+# Tells which interface and port the Let's Encrypt (certbot) container should try to bind to
+# when it tries to obtain initial certificates in standalone mode.
+#
+# This should normally be a public interface and port.
+# If you'd like to not bind on all IP addresses, specify one explicitly (e.g. `a.b.c.d:80`)
+matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port: '80'
+
 matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
 matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
 matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
diff --git a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
index 85afce2c9..19500b154 100644
--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
@@ -21,7 +21,7 @@
     --name=matrix-certbot
     --user={{ matrix_user_uid }}:{{ matrix_user_gid }}
     --cap-drop=ALL
-    -p 80:8080
+    -p {{ matrix_ssl_lets_encrypt_container_standalone_http_host_bind_port }}:8080
     -v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt
     -v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt
     {{ matrix_ssl_lets_encrypt_certbot_docker_image }}